gist/matrix/m.room.power_levels
2024-03-11 10:00:03 +02:00
..
README.md m.room.power_levels: Drop ACL to 99, bumb invite to 13, remove medium version, clarify paranoid version 2024-03-11 10:00:03 +02:00

Template power levels event for quick copy-pasting

The main point I do this for is users users

{
    "users": {
        "@Ciblia:matrix.org": 100,
        "@aminda:dendrite.matrix.org": 100,
        "@aminda:matrix.org": 100,
        "@aminda:mozilla.org": 100,
        "@aminda:pikaviestin.fi": 100,
        "@aminda:tedomum.net": 100,
        "@mikaela:tchncs.de": 100,
        "@mikaela-5756df8cc43b8c6019785660:gitter.im": 100,
        "@mkaysi:fedora.im": 100,
        "@mikaela.suomalainen:matrix.org": 100,
        "@mikaela.matterbridge:converser.eu": 100,
        "@mikaela.matterbridge:tedomum.net": 100,
        "@aminda:beeper.com": 100,
        "@aminda:masfloss.net": 100,
        "@aminda:envs.net": 100,
        "@leon:masfloss.net": 99,
        "@fidino:artemislena.eu": 99,
        "@mjolnir_3a78dd65-60a4-4c3a-9a60-01e214a5d6f6:draupnir.midnightthoughts.space": 99
    }
},

Completeish event

This has the rest event in two forms, but doesnt duplicate the above.

Generic notes:

  • Dont have anything in events {} as 0 or otherwise users will be able to send state events with that name including gigabytes of data breaking the room.
    • Refer to security considerations of MSC3779.

Reasonable version

This is not the Element/Synapse default as that would be pointless to list.

{
  "ban": 50,
  "events": {
    "im.vector.modular.widgets": 50,
    "m.room.avatar": 50,
    "m.room.canonical_alias": 13,
    "m.room.encryption": 100,
    "m.room.history_visibility": 99,
    "m.room.join_rules": 50,
    "m.room.name": 50,
    "m.room.pinned_events": 25,
    "m.room.power_levels": 50,
    "m.room.retention": 100,
    "m.room.server_acl": 99,
    "m.room.tombstone": 100,
    "m.room.topic": 25,
    "m.space.child": 50,
  },
  "events_default": 0,
  "historical": 100,
  "invite": 13,
  "kick": 25,
  "redact": 25,
  "state_default": 50,
  "users": {
    // READ THE BEGINNING OF THE FILE FOR THIS SECTION AND PROPER FORMAT! OR SEE YOUR CURRENT EVENT!
  },
  "users_default": 0,
}
  • m.room.history_visibility is lowered to 99 as its a less permanent action than many of the others. I am not sure on my initial logic, but its documented in PPFI repo as PL100 vs PL99.
  • m.room.power_levels is set to 50 so moderators can raise others to moderators for example matrix-appservice-irc, which I would then give PL51 for ops syncing. On matrix side immune mods, could be PL52.
  • m.room.server_acl is set to 99 so moderation bots can function and do mostly everything while admins still have power over them.
  • invite commonly defaults to 50, but I havent seen abuse through it. However as it changes state by introducing membership event, it goes to the minimum power of 13.
  • PL25, half-moderator is introduced (inspired from Ergo/IRC halfop), with powers to: change room topic, pinned messages, remove messages and kick users (but not ban).
    • Maybe this could be used e.g. in an association where a secretary/someone unwilling to be a full moderator wants to update room topic for next meeting time or update a version number? 🤷 Alternatively someone not wanting full moderator responsibility could remove spam while not participating in banning discussions.
  • PL13 gets access to change main alias and add/remove published room aliases alongside (at least on Synapse) un/publish the room in the room directory. Additionally has it also affects state, they can invite others.
    • This can be used with e.g. altalias maubot plugin. I dont care about room directory or the main alias as it doesnt affect ctrl-k that much anyway, rooms are generally discovered through Spaces and I use Matrix URI scheme which takes room internal ID and servers to find it from instead of caring about the alias. Most importantly dont give permissions to entirely untrusted users.

Paranoid version

{
  "ban": 50,
  "events": {
    "im.vector.modular.widgets": 100,
    "m.room.avatar": 100,
    "m.room.canonical_alias": 100,
    "m.room.encryption": 100,
    "m.room.history_visibility": 100,
    "m.room.join_rules": 100,
    "m.room.name": 100,
    "m.room.pinned_events": 100,
    "m.room.power_levels": 100,
    "m.room.retention": 100,
    "m.room.server_acl": 99,
    "m.room.tombstone": 100,
    "m.room.topic": 100,
    "m.space.child": 100,
  },
  "events_default": 0,
  "historical": 100,
  "invite": 100,
  "kick": 50,
  "redact": 50,
  "state_default": 100,
  "users": {
    // READ THE BEGINNING OF THE FILE FOR THIS SECTION AND PROPER FORMAT! OR SEE YOUR CURRENT EVENT!
  },
  "users_default": 0,
}
  • Almost everything requires PL100
  • invite, kick, redact and state_default are bumbed to 100, 50, 50 and 100 in that order.